Procedure for calculating taint?

8

1

I'd like to understand taint analysis quantitatively. Blockchain.info offers a service that will calculate taint, but I've found no good explanation for how taint is calculated.

The best (and only) explanation I've found so far appears in the paper Anonymity of Bitcoin Transactions:

enter image description here

The taint analysis works by calculating the percentage of the amount of bitcoins that might origin from another address, thus revealing connections in the transaction graph. In the simplified example in Figure 4, A1 and A3 would have a taint of 75% and A2 a taint of 25%. However, it can only detect direct connections in the graph and does not consider any context information.

This explanation is confusing. Taint is measured between two pseudonyms (addresses). It's not a property of a particular pseudonym. The paper seems to be missing the part that says the taint scores for A1, A2, and A3 are relative to A4. If so, then the scores make sense.

However, it's not clear what would happen for more complex chains of ownership. For example, imagine another pseudonym, A5 that pays A1 5 BTC. What would be the taint score between A5 and A4?

I've seen this, but it doesn't discuss how to compute a taint score between two pseudonyms.

What I'd like to see is the outline of a step-by-step procedure for calculating taint, as done by Blockchain.info. If I had to guess, here's how the procedure would look:

  1. Find two pseudonyms, S (source) and T (target). Funds flow from S to T.
  2. Using the block chain, find a chain of ownership Ci from each coin controlled by S to T.
  3. For each chain of ownership Ci, find the lowest valued coin transfer mi.
  4. Sum all mi, giving m.
  5. Sum the value of all outputs received through T, giving s.
  6. Taint is defined as m/s.

Using this procedure would give a taint score of 50% between A5 and A4 (2 / 4).

Is this correct?

Rich Apodaca

Posted 2015-05-28T17:56:52.910

Reputation: 1 896

I haven't gotten around to going to the source, but I too find the example confusing. If I had to come up with a metric, I'd measure taint as an attribute of UTXO, not addresses. I.e. 1BTC claimed stolen, therefore 100% tainted getting spent together with 0.5 clean BTC would result in a UTXO with taint of 2/3.Murch 2015-06-01T00:32:35.633

Ah sorry, I started reading the paper and realized that it uses taint in a different context than the Bitcoin community usually does. Usually "taint" refers to the amount of coins traceable to a known theft, this paper however is using it as a term to measure address correlation. That's why I was confused and will remove the tainted-coins tag in a moment.Murch 2015-06-01T08:57:59.640

Answers

4

I think I have an answer. It's not clear if this is how blockchain.info does it, but I'm not sure it matters, either.

Taint is very similar to the everyday experience of diluting a liquid.

Imagine starting with three glasses. One glass contains orange juice. The second contains water. The third is empty.

Pouring some or all of the orange juice into the empty glass doesn't dilute it at all. However, pouring a 1:1 mixture of orange juice and water into the empty glass dilutes the orange juice.

We can define a metric called dilution factor. Dilution factor equals the final volume contained in the formerly empty glass divided by the volume of orange juice added. The dilution factor for a 1:1 mixture is therefore 2 (2 / 1). If no dilution takes place, then the dilution factor is 1. More generally:

dilution factor = V2 / V1 if V2 > V1

dilution factor = 1 if V2 <= V1

We can add another empty glass and dilute again. For example, we can take half of the diluted orange juice and dilute it with an equal volume of water. This gives a second dilution factor of 2.

The overall dilution factor equals the cumulative product of the dilution factor at each step. In this case, it is 4 (2 x 2).

Now imagine that monetary value is like a liquid, and an output is like a container. We can do dilution analysis just like we did with orange juice.

In this case, the dilution factor tells us how diluted the value of an output in a chain of ownership has become relative to a downstream output. Provided that the limits of this metric are clear, it can be useful.

The liquid being diluted is "taint". In this model, "taint" would be the multiplicative inverse of dilution factor. A dilution factor of 2 implies a taint of 50% (1/2).

Returning to the question posed above, given this chain of ownership, find the dilution factor between A5 and A4:

A5(5 BTC)->A1(2 BTC)->A3(3 BTC)->A4(4 BTC)

The dilution factors are, from left to right: 1; 3/2; 4/3. Multiplying them together gives 1 x 3/2 x 4/3, or 2. This is a 50% taint, the same answer as I got above.

However, the answer postulated in my original question is wrong in that it doesn't account for serial dilution. Consider this chain of ownership:

A5(1 BTC)->A1(5 BTC)->A3(3 BTC)->A4(4 BTC)

The serial dilution factor is 5 x 1 x 4/3, or 20/3.

Simply dividing the final value by the minimum value upstream gives a dilution factor between A5 and A4 of 4/1.

Rich Apodaca

Posted 2015-05-28T17:56:52.910

Reputation: 1 896

Asked: 2015-05-28T17:56:52.910

Viewed: 1 315 times

Active: 2017-10-31T23:20:27.260